From 9c650a57c5e5de48bb3d59dc734ec18c10e39a2c Mon Sep 17 00:00:00 2001
From: Kristov Atlas <7227529+kristovatlas@users.noreply.github.com>
Date: Wed, 19 Jun 2024 10:59:15 -0500
Subject: [PATCH] [docs] Update SECURITY.md (#45)

## Description

Closes: N/A

---

### Author Checklist

*All items are required. Please add a note to the item if the item is not applicable and please add links to any relevant follow up issues.*

I have...

- [x] included the correct `docs:` prefix in the PR title
- [x] targeted the correct branch (see [PR Targeting](https://github.com/atomone-hub/govgen/blob/main/CONTRIBUTING.md#pr-targeting))
- [x] provided a link to the relevant issue or specification
- [x] reviewed "Files changed" and left comments if necessary
- [x] confirmed all CI checks have passed

### Reviewers Checklist

*All items are required. Please add a note if the item is not applicable and please add your handle next to the items reviewed if you only reviewed selected items.*

I have...

- [ ] Confirmed the correct `docs:` prefix in the PR title
- [ ] Confirmed all author checklist items have been addressed
- [ ] Confirmed that this PR only changes documentation
- [ ] Reviewed content for consistency
- [ ] Reviewed content for thoroughness
- [ ] Reviewed content for spelling and grammar
- [ ] Tested instructions (if applicable)

---------

Co-authored-by: Thomas Bruyelle
---
 SECURITY.md | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/SECURITY.md b/SECURITY.md
index d41c43a0..2c8bbcf9 100644
--- a/SECURITY.md
+++ b/SECURITY.md
@@ -1,9 +1,14 @@ -## How to Report a Security Bug +# Security Policy -TBD +All in Bits strives to contribute toward the security of our ecosystem through internal security practices, and by working with external security researchers from the community. -***Please DO NOT file a public issue in this repository to report a security vulnerability.*** +## Reporting a Vulnerability -## Coordinated Vulnerability Disclosure Policy and Safe Harbor +If you've identified a vulnerability, please report it through one of the following venues: +* Submit an advisory through GitHub: https://github.com/atomone-hub/govgen/security/advisories/new +* Email security [at-symbol] tedermint [dot] com. If you are concerned about confidentiality e.g. because of a high-severity issue, you may email us for PGP or Signal contact details. +* We provide bug bounty rewards through our program at [HackenProof](https://hackenproof.com/all-in-bits). You must report via HackenProof in order to be eligible for rewards. -TBD +We will respond within 3 business days to all received reports. + +Thank you for helping to keep our ecosystem safe!
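Review bot: The obfuscated contact address in the new "Reporting a Vulnerability" bullet reads `security [at-symbol] tedermint [dot] com`; "tedermint" looks like a misspelling of the intended domain, and a wrong domain in SECURITY.md would route confidential vulnerability reports to an address the project does not control (or bounce them), so please confirm the exact domain before merging. Two smaller points on the same hunk: the removed line `***Please DO NOT file a public issue in this repository to report a security vulnerability.***` is worth keeping under the new heading, since the replacement text never tells reporters to avoid public issues, and the removed `## Coordinated Vulnerability Disclosure Policy and Safe Harbor` heading (previously TBD) has no successor, so researchers reporting via HackenProof have no stated safe-harbor terms; either restore it as a stub or link to the policy on the HackenProof program page.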